6.8
CVE-2014-1901
- EPSS 0.62%
- Veröffentlicht 14.05.2015 00:59:01
- Zuletzt bearbeitet 12.04.2025 10:46:40
- Quelle cve@mitre.org
- Teams Watchlist Login
- Unerledigt Login
Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range YCB004, YCK004, YCW004; EyeBall YCEB03; Bullet VGA YCBL03 and YCBLB3; Bullet HD 720 YCBLHD5; Y-cam Classic Range YCB002, YCK002, and YCW003; and Y-cam Original Range YCB001, YCW001, running firmware 4.30 and earlier, allow remote authenticated users to cause a denial of service (reboot) via a malformed (1) path parameter to en/store_main.asp, (2) item parameter to en/account/accedit.asp, or (3) emailid parameter to en/smtpclient.asp. NOTE: this issue can be exploited without authentication by leveraging CVE-2014-1900.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Y-cam ≫ Yceb03 Firmware Version4.30
Y-cam ≫ Ycb004 Firmware Version4.30
Y-cam ≫ Ycb002 Firmware Version4.30
Y-cam ≫ Ycbl03 Firmware Version4.30
Y-cam ≫ Ycblb3 Firmware Version4.30
Y-cam ≫ Yck002 Firmware Version4.30
Y-cam ≫ Ycblhd5 Firmware Version4.30
Y-cam ≫ Ycw003 Firmware Version4.30
Y-cam ≫ Ycw001 Firmware Version4.30
Y-cam ≫ Ycw002 Firmware Version4.30
Y-cam ≫ Ycb001 Firmware Version4.30
Y-cam ≫ Ycw004 Firmware Version4.30
Y-cam ≫ Yck003 Firmware Version4.30
Y-cam ≫ Yck004 Firmware Version4.30
Y-cam ≫ Ycb003 Firmware Version4.30
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.62% | 0.676 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8 | 6.9 |
AV:N/AC:L/Au:S/C:N/I:N/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.